summaryrefslogtreecommitdiff
path: root/source4/torture/raw
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett2-15/+11
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij2-17/+18
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell10-1/+11
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-0/+1
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5126: the composite code is no longer client specific or smb specific, soAndrew Tridgell1-5/+5
rename the core structure to composite_context and the wait routine to composite_wait() (suggestion from metze) (This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
2007-10-10r5071: Reverted (per tridge request).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 554e27023f8222cb0e2791fac924bb5a0dc97ba2)
2007-10-10r5068: I'm pretty sure an old search request is allowed to return changed caseJeremy Allison1-1/+1
versions of filenames. Tridge please check I haven't screwed this up. Jeremy. (This used to be commit 40c1e16b5bcdf520db1b514d647a7c7048e13ecc)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell23-30/+30
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r5035: fixed composite test to use --num-ops command line optionAndrew Tridgell1-20/+14
(This used to be commit f36e4cf6862c9cbcd36563007efa8dc59912d896)
2007-10-10r4951: some of the code dealing with libcli was getting too complex trying toAndrew Tridgell1-5/+5
handle the inverted memory hierarchy that a normal session establishment gave. The inverted hierarchy came from that fact that you first establish a socket, then a transport, then a session and finally a tree. That leads to the socket being at the top of the memory hierarchy and the tree at the bottom, which makes no sense from the users point of view, as they want to be able to free the tree and have everything disappear. The core problem was that the libcli interface didn't distinguish between establishing a primary context and a secondary context. If you establish a 2nd session on a transport then you want the transport to be referenced by the session, whereas if you establish a primary session then you want the transport to be a child of the session. To fix this I have added "parent_ctx" and "primary" arguments to the libcli intialisation functions. This makes using the library much easier, and gives us a memory hierarchy that makes much more sense. I was prompted to do this by a bug in the cifs backend, which was caused by the socket not being properly torn down on a disconnect due to the inverted memory hierarchy. (This used to be commit 5e8fd5f70178992e249805c2e1ddafaf6840739b)
2007-10-10r4949: First version of a fetchfile composite function which connects to a ↵Volker Lendecke1-0/+99
server and loads a file. Needs a smb url parsing wrapper. Volker (This used to be commit fa435bf7c878d4a5beb6afb2ed6e2990abc11e82)
2007-10-10r4792: use type safety int the test suite tooAndrew Tridgell1-6/+7
(This used to be commit 4a963e3b7aa38f0f6907bcd8acaaeb8c7982cafa)
2007-10-10r4779: demonstrate doing 50 parallel loadfile operations, with a callback ↵Andrew Tridgell1-13/+40
for completion (This used to be commit b8c5269482cd7c2611d785bb8831eebae2f905d2)
2007-10-10r4777: added a smb_composite_sesssetup() async composite function. ThisAndrew Tridgell1-26/+24
encapsulates all the different session setup methods, including the multi-pass spnego code. I have hooked this into all the places that previously used the RAW_SESSSETUP_GENERIC method, and have removed the old RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice side effect is that these two modules are now very simple again, back to being "raw" session setup handling, which was what was originally intended. I have also used this to replace the session setup code in the smb_composite_connect() code, and used that to build a very simple replacement for smbcli_tree_full_connection(). As a result, smbclient, smbtorture and all our other SMB connection code now goes via these composite async functions. That should give them a good workout! (This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
2007-10-10r4726: - use the name tcon and tid instead of conn and cnumStefan Metzmacher1-1/+1
- make use of talloc destructors metze (This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
2007-10-10r4710: added a smb_composite_savefile() function, and expanded the test ↵Andrew Tridgell1-7/+40
suite a little (This used to be commit ef4dbc443dbdebc4160209ed3f23cbb97109c414)
2007-10-10r4700: first attempt at a composite async function, smb_composite_loadfile(),Andrew Tridgell1-0/+77
which combineds ntcreatex, readx and close into a single call that behaves just like a normal libcli async call. (This used to be commit 516f68fb054f0717f0429e031aa820776ecc6597)
2007-10-10r4612: make the output for the w2k3 acl bug a bit clearerAndrew Tridgell1-0/+19
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
2007-10-10r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does ↵Andrew Tridgell1-10/+148
not do dynamic inheritance (This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell3-11/+11
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4583: print which bit failed in the owner bits checkAndrew Tridgell1-0/+4
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
2007-10-10r4582: finally worked out what is going on with the inherited ACLs test and ↵Andrew Tridgell1-12/+197
win2003. It is a win2003 bug! This new test code works against w2k, and against longhorn, but fails against w2k3. When tested against w2k3 it allows a open with an access mask that should be denied by the given ACL, after setting up the ACL using inheritance. Note that only the very specific SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a special case for that mask. Maybe its an optimisation gone wrong? I don't know if there are any serious security implications to this, but it is pretty clearly wrong, and has been fixed in longhorn. (This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell1-1/+1
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-2/+2
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4463: added testing of the special SID_CREATOR_OWNER inheritance rulesAndrew Tridgell1-21/+56
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
2007-10-10r4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameterStefan Metzmacher1-1/+1
metze (This used to be commit 19482a2245abbf9154423ca8997957b56333fba2)
2007-10-10r4407: stricter checking of parameters on hard link creation in the ↵Andrew Tridgell1-0/+8
RAW-RENAME test (This used to be commit b239589b00e673ae2d6254083cd324bc3b54bcdf)
2007-10-10r4402: use __location__ instead of __LINE__ in the RAW-RENAME testAndrew Tridgell1-4/+4
(This used to be commit 09ac1338209b0d0878173cfef3dca5603271b1a8)
2007-10-10r4401: stricter test for correct ACL inheritance in RAW-ACLSAndrew Tridgell1-2/+2
(This used to be commit 1bb769196377772326151210309ff12362eb0f2f)
2007-10-10r4389: added checking for the default inherited ACL, which is used when no ACEsAndrew Tridgell1-6/+39
are inheritable (This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)
2007-10-10r4388: - allow ACE flags to be specified in security_descriptor_create()Andrew Tridgell1-0/+270
- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10r4364: - added support for testing of chained SMB operations in smbtortureAndrew Tridgell1-0/+58
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell - fixed a bug in handling chained fnum in openx and ntcreatex in the server (yes, I'm on holiday, but this bug was annoying me ....) (This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
2007-10-10r4317: check the count of replies in the os2 ea_list torture testAndrew Tridgell1-0/+1
(This used to be commit 10861b3fa0cbba7f5e0ec3377431a85608a13a32)
2007-10-10r4263: added support for the trans2 RAW_SEARCH_EA_LIST informationAndrew Tridgell2-8/+118
level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode (This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
2007-10-10r4243: a sniff from kukks showed that the ea_set interface in trans2 ↵Andrew Tridgell1-22/+20
setfileinfo allows for multiple EAs to be set at once. This fixes all the ea code to allow for that. (This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
2007-10-10r4183: expanded the RAW-MKDIR torture test to test creation of EA listsAndrew Tridgell1-11/+33
(This used to be commit 0134d8e9cc5634441b1aa6841bcd332c5afcc0f3)
2007-10-10r4173: - new t2open code, that can cope with "create with EAs". Many thanksAndrew Tridgell3-104/+84
to kukks on #samba-technical for the sniffs that allowed me to work this out - much simpler ntvfs open generic mapping code - added t2open create with EA torture test to RAW-OPEN test (This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
2007-10-10r4164: added a test that simulates a OS/2 file delete. This includes seek byAndrew Tridgell1-0/+105
name back into a directory for files that no longer exist. (This used to be commit 57204a1533687c5f7f2ee169f42584aea914154f)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-2/+6
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4074: make the RAW-ACLS test use the new lsa helper functions to determineAndrew Tridgell1-16/+39
the privileges of the user running the test. This allows the test to work out what the expected access masks are. (This used to be commit dcf6c297d372cfa421d757d43897f00ad1d4f5f5)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher7-22/+22
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4061: more additions to the RAW-ACLS test, to help me work out some details ↵Andrew Tridgell1-5/+54
for pvfs (This used to be commit 273165e53a606fa0a55ff8fb6fea440e19a7e285)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell2-2/+2
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4053: expanded and fixed a bug in the RAW-ACLS testAndrew Tridgell1-6/+19
(This used to be commit 0d19b4a09f4ce0b0c5e7779809c383322f4de4fc)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell4-7/+7
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4036: expanded the RAW-ACLS torture test to include tests for theAndrew Tridgell1-2/+427
generic->specific access mask mappings, and tests of the behaviour of SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit f572fe6d29d5a318b24d71a2ebfa2baca2b79a10)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell8-19/+19
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell11-60/+71
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3835: - added testing of setting an initial ACL on a file using NTTRANS createAndrew Tridgell1-0/+92
- added support for initial ACLs in pvfs backend (This used to be commit 05ee9179f74d243aa22fa00be7873c5db76a8ad1)